Timing, as they say, is everything. The very day that the Scottish Government officially launched a consultation to determine how to best tackle cyber crime, news of a massive breach of around four million US government workers hit the headlines.
Add to this a survey by PwC, indicating that a staggering 90 per cent of larger organisations and 74 per cent of smaller businesses suffered a cyber attack last year, with an average cost per breach at larger firms of almost £1.5 million, and we begin to paint a picture of the increasing and potentially devastating impact of cyber crime.
The worry is that we are still not seeing nearly enough small to medium-sized enterprises (SMEs) addressing even the simplest cyber hygiene that could make a real difference to their security, their personal information – and of course their customer data.
Given that there are 341,000 SMEs that make up the backbone of the Scottish economy, this is an area in which we could make a real difference. As the Scottish Government and Police Scotland’s business resilience delivery arm, the Scottish Business Resilience Centre (SBRC) has been tasked with delivering the strategy to help equip organisations with the right tools and knowledge.
Last year, the Scottish Government gave a commitment to develop and bring forward a strategy that will take a positive approach to developing cyber resilience in Scotland, for the benefit of our people and our economy. Its consultation, A Cyber Resilience Strategy for Scotland: Safe, Secure and Prosperous Online, seeks to gather views on what we can all do to become more resilient online.
Smaller businesses can often feel that combating cyber fraud is extremely costly or even ineffectual against hackers who can appear able to defy any firewall, even those of government systems. The reality is it needn’t be that costly and there are steps that everyone can take. We have also at times encountered a hesitance that is totally understandable – no-one wants to be lectured or baffled by tech-speak, or worse, feel out of their depth. The truth is there are highly cost-effective solutions that the SBRC can offer to small businesses and much of what we do starts with the real basics – passwords, updates, not clicking on links, basic e-mail and wi-fi security.
Our innovative partnership with Dundee’s Abertay University – which offers a course in ethical hacking and countermeasures – has enabled us to recruit some of the sharpest student minds in computer hacking who seek to use their talents for good.
By carrying out an organisational or individual assessment, students can give expert insight and advice to protect against hackers at much less cost than elsewhere in the commercial world. Within a matter of hours or even minutes, they can show what is happening on a company’s network or how exposed an individual is on social media – and, most importantly, how to ensure they are safer in future.
It’s important for Scottish SMEs to know they have access to resources to combat cyber threats, and we need to make sure we are operating with a coherent strategy that can truly deliver for businesses. I therefore urge you help us shape policy by completing the simple 12-question consultation from the Government. Scotland has a proud history of innovation and we are committed to ensuring this continues and that Scotland is a safe and secure place in which to trade, work and live.
The consultation form can be downloaded from here
• Mandy Haeburn-Little is director of the Scottish Business Resilience Centre